GHSA-69q2-p9xp-739v

Source

https://github.com/advisories/GHSA-69q2-p9xp-739v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-69q2-p9xp-739v/GHSA-69q2-p9xp-739v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-69q2-p9xp-739v

Aliases

Withdrawn

2024-10-09T20:47:08Z

Published

2021-04-20T16:32:08Z

Modified

2024-11-29T05:40:28.628319Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Duplicate Advisory: XML Injection in petl

Details

Duplicate Advisory

This advisoerey has been withdrawn because it is a duplicate of GHSA-f5gc-p5m3-v347. This link is maintained to preserve external references.

Original Description

petl before 1.68, in some configurations, allows resolution of entities in an XML document.

Database specific

{
    "nvd_published_at": "2020-11-26T05:15:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-13T19:20:39Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-91"
    ]
}

References

Affected packages

PyPI / petl

Package

Name: petl; View open source insights on deps.dev
Purl: pkg:pypi/petl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.8

Affected versions

0.*

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0.10

0.10.1

0.10.2

0.11

0.11.1

0.12

0.13

0.13.1

0.14

0.15

0.16

0.16.1

0.16.2

0.17

0.17.1

0.18

0.18.1

0.19

0.20

0.21

0.21.2

0.22

0.22.1

0.23

0.24

0.24.1

0.24.2

0.24.3

0.25

0.25.1

0.25.2

0.25.3

0.26

1.*

1.0.0-alpha1

1.0.0a2

1.0.0a3

1.0.0b1

1.0.0b2

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.1.0

1.1.1

1.2.0

1.3.0rc3

1.3.0

1.4.0

1.5.0

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7